There are a wide variety of methods uses to perpetrate phishing attacks, some of which include:
- Email / SpamWeb Based Delivery
- Instant Messaging
- Session Hacking
- Trojan HostsLink
- System Reconfiguration
- Content Injection
- Phone Phishing
- Malware Phishing
- Key Loggers
CURRENT TRENDS IN PHISHING
Initially, phishing was categorized as a type of spam, however due to current trends in phishing attacks it has emerged has a category of cyber-attack that can stand on its own. In fact, there are now many variants of phishing attacks which will be discussed in following articles and according to [1] email has been surpassed as the most common distribution instrument for phishing attacks. Links followed while web browsing and using messaging systems such as skype, account for over 80% of registered phishing attacks.
THE PHISHING PROCESS
Executing a phishing attack has a few stages, the following is a common approach used:
- The attacker obtains the e-mail addresses of the intended victims.
- The attacker generates an email that appears genuine and requests the email recipient to perform some action.
- The attacker sends the email to the intended victims in a way that seems to be legitimate, obscuring the true source.
- Depending on the content of the email, the recipient opens a malicious attachment, completes a form, or visits a web site.
- The attacker stores the victim’s sensitive information and exploits it for some kind of gain.
CONTEMPORARY PHISHING ATTACKS
The increase in the use of technology has also resulted in the increase in the number of methods and platforms used to execute phishing attacks. The following are a lists of common variations of traditional phishing attacks:
SMiShing
Definition: A form of Phishing that uses short messaging services (SMS) or text messages on mobile devices as a means of gather information that will then be used to exploit the victim.